
United States Patent and Trademark Office 



UNITED STATES DEPARTMENT OF COMMERCE 
United States Patent and Trademark Office 
Address: COMMISSIONER FOR PATENTS 
P.O. Box 1450 

Alexandria, Virginia 22313-1450 
www.uspto.gov 



APPLICATION NO.: 10/621,927
FILING DATE: 07/17/2003
FIRST NAMED INVENTOR: Paul Anthony Ashley
ATTORNEY DOCKET NO.: AUS920030169US1
CONFIRMATION NO.: 3074



32329 7590 01/09/2007 

IBM CORPORATION 
INTELLECTUAL PROPERTY LAW 
11400 BURNET ROAD 
AUSTIN, TX 78758 



EXAMINER: HOFFMAN, BRANDON S
ART UNIT: 2136
PAPER NUMBER:
SHORTENED STATUTORY PERIOD OF RESPONSE: 3 MONTHS
MAIL DATE: 01/09/2007
DELIVERY MODE: PAPER

Please find below and/or attached an Office communication concerning this application or proceeding.

If NO period for reply is specified above, the maximum statutory period will apply and will expire 6 MONTHS 
from the mailing date of this communication. 



PTOL-90A (Rev. 10/06) 



Office Action Summary 


Application No.: 10/621,927
Applicant(s): ASHLEY ET AL.
Examiner: Brandon S. Hoffman
Art Unit: 2136





- The MAILING DATE of this communication appears on the cover sheet with the correspondence address - 



Period for Reply 

A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) OR THIRTY (30) DAYS, 
WHICHEVER IS LONGER, FROM THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1.136(a). In no event, however, may a reply be timely filed
after SIX (6) MONTHS from the mailing date of this communication.

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133).
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1.704(b). 

Status 

1) [ ] Responsive to communication(s) filed on ____.

2a) [ ] This action is FINAL.    2b) [X] This action is non-final.

3) [ ] Since this application is in condition for allowance except for formal matters, prosecution as to the merits is
closed in accordance with the practice under Ex parte Quayle, 1935 C.D. 11, 453 O.G. 213.

Disposition of Claims

4) [X] Claim(s) 1-33 is/are pending in the application.

4a) Of the above claim(s) ____ is/are withdrawn from consideration.

5) [ ] Claim(s) ____ is/are allowed.

6) [X] Claim(s) 1-33 is/are rejected.

7) [ ] Claim(s) ____ is/are objected to.

8) [ ] Claim(s) ____ are subject to restriction and/or election requirement.

Application Papers 

9) [ ] The specification is objected to by the Examiner.

10) [X] The drawing(s) filed on 17 July 2003 is/are: a) [X] accepted or b) [ ] objected to by the Examiner.
Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1.85(a).
Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d).

11) [ ] The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152.

Priority under 35 U.S.C. § 119 

12) [ ] Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 119(a)-(d) or (f).
a) [ ] All b) [ ] Some * c) [ ] None of:

1. [ ] Certified copies of the priority documents have been received.

2. [ ] Certified copies of the priority documents have been received in Application No. ____.

3. [ ] Copies of the certified copies of the priority documents have been received in this National Stage
application from the International Bureau (PCT Rule 17.2(a)).
* See the attached detailed Office action for a list of the certified copies not received.



Attachment(s) 

1) [X] Notice of References Cited (PTO-892)

2) [ ] Notice of Draftsperson's Patent Drawing Review (PTO-948)

3) [X] Information Disclosure Statement(s) (PTO/SB/08)
Paper No(s)/Mail Date 7-17-03 & 2-11-05.

4) [ ] Interview Summary (PTO-413)
Paper No(s)/Mail Date ____.

5) [ ] Notice of Informal Patent Application

6) [ ] Other: ____.



U.S. Patent and Trademark Office 
PTOL-326 (Rev. 08-06) 



Office Action Summary 



Part of Paper No./Mail Date 20070103 



Application/Control Number: 10/621,927 Page 2

Art Unit: 2136 

DETAILED ACTION 



Information Disclosure Statement 

1. The information disclosure statement (IDS) submitted on February 11, 2005, is in
compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure
statement is being considered by the examiner.

2. The information disclosure statement filed July 17, 2003, fails to comply with the
provisions of 37 CFR 1.97, 1.98 and MPEP § 609 because the Japanese reference
(2001-237820A) is missing from the application file, and therefore cannot be
considered. Applicant is advised that the date of any re-submission of any item of
information contained in this information disclosure statement or the submission of any
missing element(s) will be the date of submission for purposes of determining
compliance with the requirements based on the time of filing the statement, including all
certification requirements for statements under 37 CFR 1.97(e). See MPEP
§ 609.05(a). The other references, filed in the July 17, 2003 IDS, have been
considered.

Claim Rejections - 35 USC § 101 

3. 35 U.S.C. 101 reads as follows: 

Whoever invents or discovers any new and useful process, machine, manufacture, or composition of 
matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the 
conditions and requirements of this title. 

4. Claims 21-30 and 33 are rejected under 35 U.S.C. 101 because the claimed
invention is directed to non-statutory subject matter. Claims 21-30 and 33 are not
limited to tangible embodiments. In view of applicants' disclosure, specification, page
29, lines 26-30, the medium is not limited to tangible embodiments, instead being
defined as including both tangible embodiments (e.g., EPROM, floppy disc) and
intangible embodiments (e.g., transmission-type media, communications links). As
such, the claim is not limited to statutory subject matter and is therefore non-statutory.

Claim Rejections - 35 USC § 102 

5. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(b) the invention was patented or described in a printed publication in this or a foreign country or in public 
use or on sale in this country, more than one year prior to the date of application for patent in the United 
States. 

6. Claims 1-9, 11-19, 21-29, and 31-33 are rejected under 35 U.S.C. 102(b) as 
being anticipated by Joshi et al. (U.S. Patent Pub. No. 2002/0091798).

Regarding claims 1, 11, and 21, Joshi et al. teaches a
method/apparatus/computer program product in a computer-readable medium for 
performing authentication operations, the method/apparatus/computer program product 
comprising: 

• Performing a non-certificate-based authentication operation through an SSL 
(Secure Sockets Layer) session between a server and a client (paragraph 0144, 
0145, and fig. 33, the authentication scheme sets an SSL parameter to enable 
SSL for the challenge method being used); and 

• Subsequent to performing the non-certificate-based authentication operation,
performing a certificate-based authentication operation through the SSL session 
between the server and the client without exiting or renegotiating the SSL 
session prior to completion of the certificate-based authentication operation 
(paragraph 0144, 0145, and fig. 35, the X.509 challenge method uses certificates 
for authentication over an SSL connection). 

Regarding claims 2, 12, and 22, Joshi et al. teaches wherein negotiation of the
SSL session uses a first digital certificate from the client, wherein the certificate-based
authentication operation uses a second digital certificate from the client, and wherein
the first digital certificate and the second digital certificate are not identical (paragraph
0204 and fig. 35, ref. num 1352 and 1356).

Regarding claims 3, 13, and 23, Joshi et al. teaches further comprising providing
access to a first resource for a client by a server in association with the
non-certificate-based authentication operation (fig. 22, ref. num 795).

Regarding claims 4, 14, and 24, Joshi et al. teaches wherein the step of
providing access to the first resource further comprises: 

• Receiving at the server a first resource request from the client (fig. 22, ref. num 
750); 

• In response to determining that the first resource request requires completion of 
a non-certificate-based authentication operation prior to responding to the first 
resource request, establishing an SSL (Secure Sockets Layer) session between
the server and the client (fig. 22, ref. num 756); and 

• In response to successfully performing the non-certificate-based authentication 
operation between the server and the client through the SSL session, sending a 
first resource response from the server to the client (fig. 22, ref. num 790, 792, 
794, and 795). 

Regarding claims 5, 15, and 25, Joshi et al. teaches further comprising providing
access to a second resource for a client by a server in association with the
certificate-based authentication operation (fig. 35).

Regarding claims 6, 16, and 26, Joshi et al. teaches wherein the step of
providing access for the second resource further comprises: 

• Receiving at the server a second resource request from the client through the 
SSL session (fig. 35, ref. num 1348); 

• In response to determining that the second resource request requires a 
certificate-based authentication procedure, downloading an executable module to 
the client from the server through the SSL session (paragraph 0202); 

• Receiving at the server a digital signature that has been generated by the
executable module using a digital certificate at the client (fig. 35, ref. num
1360-1364); and

• In response to successfully verifying the digital signature at the server, sending a
second resource response from the server to the client (fig. 35, ref. num 1366).

Regarding claims 7, 17, and 27, Joshi et al. teaches wherein the step of
providing access for the second resource further comprises: 

• Receiving at the server a second resource request from the client through the 
SSL session (fig. 35, ref. num 1348); 

• In response to determining that the second resource request requires a 
certificate-based authentication procedure, triggering execution of a 
downloadable software module at the client by the server through the SSL 
session (paragraph 0204); 

• Receiving at the server a digital signature that has been generated by the 
execution of the downloadable software module using a digital certificate at the 
client (fig. 35, ref. num 1360-1364); and 

• In response to successfully verifying the digital signature at the server, sending a 
second resource response from the server to the client (fig. 35, ref. num 1366). 

Regarding claims 8, 18, and 28, Joshi et al. teaches further comprising obtaining
access to a second resource at a server by a client in association with the
certificate-based authentication operation (fig. 35, ref. num 1366).

Regarding claims 9, 19, and 29, Joshi et al. teaches wherein the step of
obtaining access to the second resource further comprises: 

• Sending a second resource request from the client to the server through the SSL 
session (fig. 35, ref. num 1348); 

• Receiving an executable module at the client from the server through the SSL
session, wherein the executable module comprises functionality for performing a 
certificate-based authentication operation (paragraph 0203); 

• Sending to the server through the SSL session a digital signature that has been 
generated by the executable module using a digital certificate at the client (); and 

• Receiving a second resource response from the server at the client (fig. 35, ref. 
num 1366). 

Regarding claims 31-33, Joshi et al. teaches a method/apparatus/computer
program product in a computer-readable medium for performing authentication 
operations, the method/apparatus/computer program product comprising: 

• Receiving at a server a first resource request from a client (fig. 22, ref. num 750); 

• In response to determining that the first resource request requires completion of 
a non-certificate-based authentication operation prior to responding to the first 
resource request, establishing an SSL (Secure Sockets Layer) session between 
the server and the client (fig. 22, ref. num 756); 

• Performing a non-certificate-based authentication operation through the SSL 
session (fig. 22, ref. num 790-794); 

• In response to successfully performing the non-certificate-based authentication 
operation, sending a first resource response from the server to the client (fig. 22, 
ref. num 795); 

• Receiving at the server a second resource request from the client through the
SSL session subsequent to performing the non-certificate-based authentication 
operation (fig. 35, ref. num 1348); 

• In response to determining that the second resource request requires a 
certificate-based authentication procedure, downloading an executable module to 
the client from the server through the SSL session (paragraph 0202); 

• Receiving at the server through the SSL session a digital signature that has been 
generated by the executable module using a digital certificate at the client (fig. 
35, ref. num 1360-1364); and 

• In response to successfully verifying the digital signature at the server, sending a 
second resource response from the server to the client (fig. 35, ref. num 1366). 

Claim Rejections - 35 USC § 103 

7. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

8. Claims 10, 20, and 30 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Joshi et al. (U.S. Patent Pub. No. 2002/0091798).

Regarding claims 10, 20, and 30, Joshi et al. teaches wherein the step of
obtaining access to the second resource further comprises: 

• Sending a second resource request from the client to the server through the SSL
session (fig. 35, ref. num 1348); 

• Sending to the server through the SSL session a digital signature that has been 
generated by the executable module using a digital certificate at the client (fig. 
35, ref. num 1360-1364); and 

• Receiving a second resource response from the server at the client (fig. 35, ref. 
num 1366). 

Joshi et al. fails to specifically teach receiving at the client from the server 
through the SSL session a response message having content with an associated 
content type indicator and in response to determining a content type for the content, 
executing a downloadable software module at the client. However, Official Notice is 
taken that these steps would have been obvious, given the nature of the teachings of 
Joshi et al. because the content type indicator tells the client browser which content 
type is being used, and further enables the client browser to load the appropriate plug-in 
to play/view the requested content type. 

It would have been obvious for such modifications because detecting a specific 
content type allows the appropriate plug-in to be loaded to ensure proper operation and 
lower the amount of user frustration over trying to figure out which plug-in should be 
loaded for each resource request. 

Any inquiry concerning this communication or earlier communications from the
examiner should be directed to Brandon S. Hoffman whose telephone number is
571-272-3863. The examiner can normally be reached on M-F 8:30 - 5:00.

If attempts to reach the examiner by telephone are unsuccessful, the examiner's
supervisor, Nasser G. Moazzami can be reached on 571-272-4195. The fax phone
number for the organization where this application or proceeding is assigned is
571-273-8300.

Information regarding the status of an application may be obtained from the
Patent Application Information Retrieval (PAIR) system. Status information for
published applications may be obtained from either Private PAIR or Public PAIR.
Status information for unpublished applications is available through Private PAIR only.
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should
you have questions on access to the Private PAIR system, contact the Electronic
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a
USPTO Customer Service Representative or access to the automated information
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.